Hi everyone. I decided to sign up for this site after troubleshooting my issue and nothing seemed to help.
I installed ELK Stack and Logstash from this website:
http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/setup-elk-stack-ubuntu-16-04.html I followed it step by step.
I created this config file called battlefield
input {
file {
path => "/home/vault/Documents/data_sources/battelfield.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
separator => ","
columns => [ "username","hash" ]
}
}
output {
elasticsearch {
action => "index"
hosts => "http://localhost:9200"
index => "data"
workers => 1
}
stdout {}
Sorry about formatting.
Then I run
bin/logstash -f logstash-battlefield.csv
When I run that I get a error message
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[FATAL] 2017-12-14 15:24:55.063 [main] runner - An unexpected error occurred! {:error=>#<ArgumentError: Path "/usr/share/logstash/data" must be a writable directory. It is not writable.>, :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/settings.rb:439:in `validate'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:222:in `validate_value'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:138:in `validate_all'", "org/jruby/RubyHash.java:1342:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:137:in `validate_all'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:243:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:204:in `run'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in `(root)'"]}
So I check to make sure that the config file is there and it is. so I run it again as SUDO because I am unsure of what that error says.
This is the error I get
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[FATAL] 2017-12-14 15:26:22.502 [LogStash::Runner] runner - Logstash could not be started because there is already another instance using the configured data directory. If you wish to run multiple instances, you must change the "path.data" setting.
I checked to make sure that the logstash.yml is in etc/logstash and it is there is a conf.d and a logstash.yml
Can someone please tell me what I am doing wrong? This is my first time using this.